Expand Minimize

Disallow use of the function constructor

This is implied code evaluation, the function contructor cause cross site scripting attack vulnerabilities in the code

CheckId SPC058908
TypeName DisallowFunctionConstructor
Severity Error
Type JavaScriptFile

Bad Practice

var x = new Function("a", "b", "return a + b");

Good Practice
var x = function (a, b) {    return a + b;};

Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of Rencore. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.